Security at all levels

Bpm’online protects the security and privacy of stored data with controls at three levels: the application level, the network level and the physical access level.


Security of access and network

Bpm’online’s multi-level security system tracks operations and events at the application and network levels, with each level monitored separately.

Network traffic monitoring detects and blocks attempts at unauthorized access and provides additional protection against DDoS attacks.

Network monitoring systems (firewalls, SIEM, IPS/IDS, etc.) provide attack resistance and continuous online control, and stop suspicious activity at the network level.

Connection control at the application and database levels makes it possible to isolate, filter and manage licensed connections used by integration processes.

Bpm’online network connections are protected against unauthorized access with HTTPS (TLS 1.2) over TCP/IP.
</gm_replace>
<gr_replace lines="21" cat="clarify" orig="User ID, password">
The user ID, password and all other transmitted data are encrypted in transit with a 128-bit key, which protects the data while it is being delivered; the controls described below cover its storage and processing.

User ID, password and all the transmitted data are encrypted using a 128-bit key, which guarantees security of data storage, processing and delivery.

Switches and firewalls at each level make it possible to configure customer-specific security policies (limiting access by IP address, device type, domain, geography, etc.) and to control access to the application.


Physical security

Physical access to data centers is approved and verified by the authorized hosting providers.

Bpm’online data is stored in different geographical regions on professional hosting platforms, Amazon Web Services and Microsoft Azure, which protect their servers against unauthorized physical access. Redundant power supplies and enterprise-grade security systems support data protection and uninterrupted data center operation 24/7. The storage infrastructure allows regular archiving of critically important information and secure data backup.

The data processing centers comply with international standards and regulatory frameworks, including ISO 27001, SOC 1, SOC 2, HIPAA, FedRAMP and GDPR.


Security at the application level

Separate database

Unlike cloud services that keep the data of different customers in a single database, bpm’online uses a separate database for each customer, so other customers of the application have no path to your company’s data through a shared database. In addition, all data stored in bpm’online is encrypted at rest.

Single sign-on support

WebSSO simplifies user authentication and makes a bpm’online rollout quick and safe. Support for the SAML 2.0 standard allows connecting the most widely used identity providers.

Password security

Administrative tools let system administrators set the required password complexity, limit the number of failed login attempts and set password expiry dates for accounts. Passwords are stored as salted hashes in line with OWASP password storage guidance, never in plaintext or reversibly encrypted form.
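The three controls in this paragraph (complexity policy, lockout after repeated failures, password expiry) together with salted hashing are shown below as an added example. It is not bpm’online’s own code: the policy values, the account class and the scenario in demo() are constructed for illustration, and the storage format uses PBKDF2-HMAC-SHA256 with the iteration count the OWASP Password Storage Cheat Sheet recommends for that algorithm.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Policy values are hypothetical, chosen for this example (not bpm'online's defaults).
MIN_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
PASSWORD_MAX_AGE = timedelta(days=90)
# OWASP Password Storage Cheat Sheet guidance for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def check_complexity(password: str) -> List[str]:
    """Return the policy rules the password violates; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("needs at least three of: lowercase, uppercase, digit, symbol")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2_sha256$iterations$salt$hash' (hex)."""
    salt = salt or os.urandom(16)          # a fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    _algo, iterations, salt_hex, hash_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


class Account:
    """Hypothetical account record: hash, password age and failed-attempt counter."""

    def __init__(self, username: str, password: str, now: datetime) -> None:
        if check_complexity(password):
            raise ValueError("password does not meet the complexity policy")
        self.username = username
        self.password_hash = hash_password(password)
        self.password_set_at = now
        self.failed_attempts = 0
        self.locked = False


def login(account: Account, password: str, now: datetime) -> str:
    """Return 'ok', 'invalid', 'locked' or 'expired'."""
    if account.locked:
        return "locked"                    # no hashing work for a locked account
    if not verify_password(password, account.password_hash):
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked = True
            return "locked"
        return "invalid"
    account.failed_attempts = 0
    if now - account.password_set_at > PASSWORD_MAX_AGE:
        return "expired"                   # correct password, but a change is required
    return "ok"


def demo() -> Dict[str, object]:
    """Constructed scenario: lockout after repeated failures, then an aged password."""
    t0 = datetime(2024, 1, 1)
    alice = Account("alice", "Correct-Horse-9", t0)
    attempts = [login(alice, "Correct-Horse-9", t0)]
    attempts += [login(alice, "guess", t0) for _ in range(5)]
    attempts.append(login(alice, "Correct-Horse-9", t0))   # still locked
    bob = Account("bob", "Correct-Horse-9", t0)
    return {"lockout": attempts,
            "expired": login(bob, "Correct-Horse-9", t0 + timedelta(days=91))}


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: the locked check runs before any hashing, so an attacker cannot use a locked account to burn server CPU, and the comparison uses hmac.compare_digest so verification time does not leak how many leading bytes of the hash matched.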

Roles and permissions

Bpm’online’s administrative tools allow building a role hierarchy that reflects both the organizational structure and each employee’s position within it, as well as functional roles. Access rights can be assigned to specific roles and to individual bpm’online users.

Access permissions

Bpm’online supports data- and operation-level access permissions ranging from full access to a section for all users to access granted only to specific roles. Access can be administered by object, by record or by column, with separate rights for reading, modifying and deleting data.

Audit log

The audit log records security-critical operations and gives administrators and information security staff full information on permissions assigned to objects, changes to the role structure and access levels, login attempts, changes to system settings, etc.
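The last three paragraphs describe one mechanism: a role hierarchy, rights granted at object, record and column level, and an audit trail of every grant and role change. The added example below models that mechanism in Python; it is not bpm’online’s code, and the deny-by-default evaluation order (object right required, record and column rights narrow it), the role and user names and the sample records are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

OPERATIONS = {"read", "edit", "delete"}


@dataclass
class AccessModel:
    """Deny-by-default rights model. A user acts through its own name, its assigned
    roles and every ancestor of those roles in the organizational hierarchy."""
    role_parent: Dict[str, Optional[str]] = field(default_factory=dict)
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    # object -> principal -> operations
    object_rights: Dict[str, Dict[str, Set[str]]] = field(default_factory=dict)
    # object -> record id -> principal -> operations (record-level administration)
    record_rights: Dict[str, Dict[str, Dict[str, Set[str]]]] = field(default_factory=dict)
    # object -> column -> principal -> operations (an entry makes the column administered)
    column_rights: Dict[str, Dict[str, Dict[str, Set[str]]]] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    def add_role(self, role: str, parent: Optional[str], actor: str) -> None:
        self.role_parent[role] = parent
        self.audit.append(f"{actor}: created role '{role}' under '{parent}'")

    def assign_role(self, user: str, role: str, actor: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)
        self.audit.append(f"{actor}: assigned role '{role}' to '{user}'")

    def grant(self, level: str, obj: str, principal: str, ops: Set[str], actor: str,
              record: Optional[str] = None, column: Optional[str] = None) -> None:
        """Grant operations at object, record or column level and write an audit entry."""
        if level == "object":
            acl = self.object_rights.setdefault(obj, {})
        elif level == "record":
            acl = self.record_rights.setdefault(obj, {}).setdefault(record, {})
        elif level == "column":
            acl = self.column_rights.setdefault(obj, {}).setdefault(column, {})
        else:
            raise ValueError(level)
        acl.setdefault(principal, set()).update(ops & OPERATIONS)
        target = obj + (f"/{record}" if record else "") + (f".{column}" if column else "")
        self.audit.append(f"{actor}: granted {sorted(ops)} on {target} to '{principal}'")

    def principals(self, user: str) -> Set[str]:
        """The user, its roles, and all ancestors of those roles (rights are inherited)."""
        result = {user}
        pending = list(self.user_roles.get(user, ()))
        while pending:
            role = pending.pop()
            if role in result:
                continue
            result.add(role)
            parent = self.role_parent.get(role)
            if parent:
                pending.append(parent)
        return result

    @staticmethod
    def _allowed(acl: Dict[str, Set[str]], principals: Set[str], op: str) -> bool:
        return any(op in acl.get(p, ()) for p in principals)

    def can(self, user: str, op: str, obj: str,
            record: Optional[str] = None, column: Optional[str] = None) -> bool:
        """Object right is required; record and column rights only narrow it further."""
        if op not in OPERATIONS:
            raise ValueError(op)
        ps = self.principals(user)
        if not self._allowed(self.object_rights.get(obj, {}), ps, op):
            return False
        if record is not None and obj in self.record_rights:
            if not self._allowed(self.record_rights[obj].get(record, {}), ps, op):
                return False
        if column is not None and column in self.column_rights.get(obj, {}):
            if not self._allowed(self.column_rights[obj][column], ps, op):
                return False
        return True


def build_demo() -> AccessModel:
    """Constructed sample tenant; roles, users and records are illustrative only."""
    m = AccessModel()
    m.add_role("All employees", None, "admin")
    m.add_role("Sales", "All employees", "admin")
    m.add_role("Sales managers", "Sales", "admin")
    m.add_role("Finance", None, "admin")              # functional role outside the org tree
    m.assign_role("alice", "Sales managers", "admin")
    m.assign_role("bob", "Sales", "admin")
    m.assign_role("carol", "All employees", "admin")
    m.assign_role("carol", "Finance", "admin")
    m.grant("object", "Contact", "All employees", {"read"}, "admin")
    m.grant("object", "Contact", "Sales managers", {"edit", "delete"}, "admin")
    m.grant("record", "Contact", "All employees", {"read"}, "admin", record="C-1")
    m.grant("record", "Contact", "Sales managers", {"edit", "delete"}, "admin", record="C-1")
    m.grant("record", "Contact", "Sales managers", {"read"}, "admin", record="C-2")
    m.grant("column", "Contact", "Finance", {"read", "edit"}, "admin", column="AnnualIncome")
    return m


def demo_checks() -> Dict[str, bool]:
    m = build_demo()
    return {
        "alice reads Contact section": m.can("alice", "read", "Contact"),
        "bob reads C-1": m.can("bob", "read", "Contact", record="C-1"),
        "bob reads C-2": m.can("bob", "read", "Contact", record="C-2"),
        "bob edits C-1": m.can("bob", "edit", "Contact", record="C-1"),
        "alice deletes C-1": m.can("alice", "delete", "Contact", record="C-1"),
        "alice deletes C-2": m.can("alice", "delete", "Contact", record="C-2"),
        "alice reads C-1 income": m.can("alice", "read", "Contact", "C-1", "AnnualIncome"),
        "carol reads C-1 income": m.can("carol", "read", "Contact", "C-1", "AnnualIncome"),
        "carol edits C-1 income": m.can("carol", "edit", "Contact", "C-1", "AnnualIncome"),
    }


if __name__ == "__main__":
    for check, result in demo_checks().items():
        print(f"{check}: {'allowed' if result else 'denied'}")
```

Note that a column grant never widens access: carol can read the AnnualIncome column of C-1 only because she also holds object and record read rights through "All employees", and her column-level edit right is useless without an object-level edit right. Every grant and role assignment lands in the audit list, which is the list an administrator would review after a permissions change.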


External security control

Bpm’online software undergoes regular reviews to confirm its compliance with international standards. In addition, we use external software and hardware, as well as monitoring services to ensure security at all levels.

Compliance with security standards

Security of the software and business processes is maintained in line with industry best practices and is continuously audited by independent experts against the ISO/IEC 27001:2013 certificate issued for the bpm’online cloud services and software. In addition, bpm’online complies with the HIPAA security requirements and the GDPR.

Vulnerability scanning

Bpm’online development practices follow the “Secure software development policy”, whose requirements apply to every newly released software version at the pre-release testing stage. Bpm’online uses dedicated scanning software to identify possible security issues.

Training and process control

To comply with ISO 27001 requirements, we hold regular training sessions and testing. Training topics include the data security policy, security regulations, general working procedures and rules of cooperation between departments, etc.

External audit

Bpm’online software products regularly undergo compliance control, as well as external scanning and security testing with several third-party tools. This helps identify and remediate critical vulnerabilities that could affect the confidentiality, integrity or availability of the web application.

Penetration testing

Bpm’online conducts regular internal and external penetration testing of the network and of Internet-facing software. The software is also regularly penetration-tested with the involvement of industry experts. The application security assessment methodology follows the OWASP Testing Guide.


Security policy

Bpm’online certified specialists regularly review and optimize the security measures.